Thales study finds Australian organizations ahead on encryption

One of the challenges facing organizations in the cybersecurity landscape is the evolving nature of modern attacks. Threats like malware and viruses have become adaptable and customizable, making it difficult to protect against every risk that's out there. In response, many organizations are shifting focus from network to data protection as a way of securing critical assets.

A recent study conducted by security company Thales found that a growing number of organizations in Australia are incorporating encryption into their data security strategies. The survey found the number of respondents using encryption has increased at a compound annual growth rate of 20 percent since 2008. In addition, Australian businesses are much more concerned by the reputational risks associated with security breaches than companies in other countries.

"Encryption is taking center stage as a strategic IT security issue in order to mitigate the risk of data breaches and cyber attacks and to protect an organization’s brand, reputation and credibility," said Richard Moulds, vice president strategy at Thales. "Australian organizations well understand these risks and how to respond through the encryption of sensitive or confidential information."

Although Thales said Australia is ahead of other countries when it comes to having an enterprise encryption plan, healthcare organizations in the United States are beginning to adopt it as they look to safely transition into the era of digitization. The U.S. Department of Health and Human Services recently published a draft of the final rule regarding its Electronic Health Record Incentive Program. The rule comes in response to the rising number of security breaches that have been identified by HHS and one of the most common causes: lost or stolen devices.

"We agree that this is an area of security that appears to need specific focus," the HHS rule states. "Recent HHS analysis of reported breaches indicates that almost 40 percent of large breaches involve lost or stolen devices. Had these devices been encrypted, their data would have been secured."

The rule goes on to explain the intention and rationale behind the new guidelines. HHS said the rule is not intended to overstep the boundaries of the Health Insurance Portability and Accountability Act, but to highlight the importance of encryption. Although it does not require organizations to encrypt data in every instance, they will need to assess whether encryption is beneficial and reasonable. Additionally, if it is not a viable option for potentially sensitive data, organizations will be required to find an equally secure alternative.